$OpenBSD: README,v 1.8 2016/11/17 21:56:59 sthen Exp $

+-----------------------------------------------------------------------
| Running ${FULLPKGNAME} on OpenBSD
+-----------------------------------------------------------------------

Standard Roundcube installation/upgrade
=======================================
See ${INSTDIR}/INSTALL and ${INSTDIR}/UPGRADING
for more information.

OpenBSD's standard PHP package uses the Suhosin extension. Disable session
encryption by adding "suhosin.session.encrypt = false" to ${SYSCONFDIR}/php-${MODPHP_VERSION}.ini.

Database access is done via PDO. If you are using MySQL or PostgreSQL,
make sure the the relevant package (php-pdo_mysql or php-pdo_pgsql) is
installed and enabled.


Setup with Apache
=================
With Apache, AllowOverride settings are required on the ${INSTDIR}
directory. You can configure this as follows:

# ln -s ../modules.sample/roundcubemail.conf \
        /var/www/conf/modules
# /etc/rc.d/apache2 restart


Setup with other web servers
============================
Review the .htaccess files as you may need to use them as a template to
adjust various PHP settings in ${SYSCONFDIR}/php-${MODPHP_VERSION}.ini

With clients using certain versions of Internet Explorer, cache-control
headers must be adjusted for file downloads to work correctly over HTTPS.
Roundcube does this automatically but requires that the HTTPS variable
is passed to PHP. This is normally set by Apache mod_ssl, but not by
other servers; it will show as an environment variable in a phpinfo()
call if you want to check.

If this is not present it will need adding as a FastCGI parameter.
For nginx, you can do this by setting 'fastcgi_param HTTPS on' in the
appropriate location{} block for HTTPS.

Sample NGINX configuration
--------------------------
The maintainer uses this configuration with NGINX to provide webmail
service at the root of a host (e.g. https://mail.example.org/).

server {
    server_name mail.example.org;
    listen 80;
    listen [::]:80;
    location /.well-known/acme-challenge { root /var/www/letsencrypt/; }
    location / { return 301 https://mail.example.org$request_uri; }
}

server {
    server_name mail.example.org;
    root /var/www/roundcubemail/public_html;
    index index.php;

    ssl_certificate /etc/letsencrypt/live/mail.example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mail.example.org/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/mail.example.org/fullchain.pem;
    add_header Strict-Transport-Security max-age=15552000;
    include ssl_params;

    location /.well-known/acme-challenge { root /var/www/letsencrypt/; }
    location ~* \.php$ { 
        try_files       $uri =404;
        fastcgi_pass    unix:run/php-fpm.sock;
        fastcgi_param   SCRIPT_FILENAME $document_root/$fastcgi_script_name;
        fastcgi_param   HTTPS on;
        include         fastcgi_params;
    }
}
